Auditor scopes

An auditor scope grants a person read-only access to one centre’s ledger for a bounded date window. It is how you give your statutory auditor, internal auditor, or an investigator the information they need without opening the full NGO to them.

What the auditor can see

  • All POSTED donations and expenses for the centre, within the date window.
  • Related donor and vendor records, with PAN masked.
  • The full audit log filtered to the centre and the date window.
  • Attachments linked to transactions in scope, downloadable via the usual presigned URLs.
  • The existing audit bundles for the window.

What the auditor cannot do

  • Create, edit, or void anything.
  • See data for any other centre or any period outside the scope window.
  • See unmasked PAN numbers.
  • Build new audit bundles — only Platform Admins can do that.
  • Impersonate anyone.

Granting a scope

Invite auditor (email) → Pick tenant + dates (start + end) → Step-up (MFA code) → Active scope (audit-logged)

  1. Go to Auditor scopes in the sidebar (NGO Super Admin only).
  2. Click + New scope.
  3. Enter the auditor’s email and full name.
  4. Pick the tenant and the start / end dates. Typical scope is the closing FY plus a month of buffer on each side.
  5. Optionally attach a free-text reason (e.g. “Statutory audit FY 2025–26”).
  6. Step-up with your MFA code and confirm.

The auditor receives an invitation email and sets their own password. Their login is just like any other user’s — MFA enrolment is required.

Expiry and revocation

  • Each scope carries an expiry date. After that date the auditor can still sign in but every read attempt returns a scope expired banner.
  • You can revoke a scope early from the same page. Revocation is audit-logged as AUDITOR_SCOPE_EXPIRED.
  • Expired scopes are never auto-deleted — they remain on the page as a record of who had what access and when.
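
The rules under "What the auditor can see", "What the auditor cannot do" and "Expiry and revocation" amount to a deny-by-default check on every request. The sketch below is an added example, not Sukrit Nidhi's own code: all class, field and reason names, the non-POSTED status value, the inclusive date bounds and the last-four masking format are assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Hypothetical model of the rules on this page; not the product's schema or API.
@dataclass(frozen=True)
class AuditorScope:
    centre_id: str
    window_start: date      # assumed inclusive
    window_end: date        # assumed inclusive
    expires_on: date
    revoked: bool = False

@dataclass(frozen=True)
class Transaction:
    centre_id: str
    txn_date: date
    status: str             # "POSTED" is from the page; other values are constructed
    party_pan: str          # donor or vendor PAN

def mask_pan(pan: str) -> str:
    """Show only the last 4 characters (masking format is an assumption)."""
    return "X" * max(len(pan) - 4, 0) + pan[-4:]

def authorize(scope: AuditorScope, action: str, txn: Transaction, today: date) -> Optional[str]:
    """Return None when allowed, otherwise a denial reason."""
    if action != "read":
        return "read_only"            # no create, edit or void
    if scope.revoked:
        return "scope_revoked"
    if today > scope.expires_on:
        return "scope_expired"        # sign-in still works, reads do not
    if txn.centre_id != scope.centre_id:
        return "other_centre"
    if not (scope.window_start <= txn.txn_date <= scope.window_end):
        return "outside_window"
    if txn.status != "POSTED":
        return "not_posted"
    return None

def read_transaction(scope: AuditorScope, txn: Transaction, today: date) -> dict:
    """Return the auditor's view of a transaction, with PAN always masked."""
    reason = authorize(scope, "read", txn, today)
    if reason:
        raise PermissionError(reason)
    return {"centre_id": txn.centre_id, "date": txn.txn_date.isoformat(),
            "status": txn.status, "party_pan": mask_pan(txn.party_pan)}
```

Masking is applied in the read path itself, so an in-scope read can never return the raw PAN.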

Recommended workflow

  1. Close the fiscal year. Lock the period.
  2. Build an audit bundle for the FY and send it to the auditor as a first pass.
  3. Grant the auditor a scope covering the FY plus a 1-month buffer.
  4. The auditor reviews the bundle offline, then signs into Sukrit Nidhi to look up any transaction detail or attachment that the bundle summary didn’t answer.
  5. When the audit report is signed, revoke the scope.

Pairing a bundle with a scoped login gives the auditor the speed of an online tool with the evidence discipline of a signed archive. Most NGOs should do both; relying on the scope alone removes your ability to prove later that the ledger hadn’t been touched between their review and your sign-off.